[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie authentication vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Wed Jan 9 10:53:00 GMT 2008
#5367: Wordpress cookie authentication vulnerability
-------------------------------------+--------------------------------------
Reporter: sjmurdoch | Owner: westi
Type: defect | Status: assigned
Priority: normal | Milestone: 2.5
Component: Security | Version: 2.3.1
Severity: normal | Resolution:
Keywords: security, password, md5 |
-------------------------------------+--------------------------------------
Comment (by sambauers):
Am I missing something or is the SECRET_KEY now not doing anything at all?
wp_salt() defines $secret_key from SECRET_KEY on lines 713 - 715 of
pluggable.php, but then doesn't concatenate it with $salt.
Also, should some value be auto-generated for $secret_key if there is no
SECRET_KEY defined, or do we just rely on the DB-based secret in that case?
--
Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:72>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software